Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2022-23645

Опубликовано: 18 фев. 2022
Источник: redhat
CVSS3: 5.5
EPSS Низкий

Описание

swtpm is a libtpms-based TPM emulator with socket, character device, and Linux CUSE interface. Versions prior to 0.5.3, 0.6.2, and 0.7.1 are vulnerable to out-of-bounds read. A specially crafted header of swtpm's state, where the blobheader's hdrsize indicator has an invalid value, may cause an out-of-bounds access when the byte array representing the state of the TPM is accessed. This will likely crash swtpm or prevent it from starting since the state cannot be understood. Users should upgrade to swtpm v0.5.3, v0.6.2, or v0.7.1 to receive a patch. There are currently no known workarounds.

An out-of-bounds read vulnerability was found in swtpm. The vulnerability exists due to a boundary condition when the byte array representing the state of the TPM is accessed. This flaw allows an attacker to send a specially crafted header, triggering an out-of-bounds read access on the byte array containing the TPM's state. This issue can crash swtpm or prevent it from starting.

Меры по смягчению последствий

No possible workarounds. Users should upgrade to swtpm v0.5.3, v0.6.2 or v0.7.1.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 8 Advanced Virtualizationvirt:8.2/swtpmNot affected
Red Hat Enterprise Linux 8 Advanced Virtualizationvirt:av/swtpmFix deferred
Red Hat Enterprise Linux 8virt-develFixedRHSA-2022:747208.11.2022
Red Hat Enterprise Linux 8virtFixedRHSA-2022:747208.11.2022
Red Hat Enterprise Linux 9swtpmFixedRHSA-2022:810015.11.2022

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-125
https://bugzilla.redhat.com/show_bug.cgi?id=2056491swtpm: Unchecked header size indicator against expected size

EPSS

Процентиль: 4%
0.0002
Низкий

5.5 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2022-23645

CVSS3: 6.2
ubuntu
больше 3 лет назад

swtpm is a libtpms-based TPM emulator with socket, character device, and Linux CUSE interface. Versions prior to 0.5.3, 0.6.2, and 0.7.1 are vulnerable to out-of-bounds read. A specially crafted header of swtpm's state, where the blobheader's hdrsize indicator has an invalid value, may cause an out-of-bounds access when the byte array representing the state of the TPM is accessed. This will likely crash swtpm or prevent it from starting since the state cannot be understood. Users should upgrade to swtpm v0.5.3, v0.6.2, or v0.7.1 to receive a patch. There are currently no known workarounds.

nvd логотип

CVE-2022-23645

CVSS3: 6.2
nvd
больше 3 лет назад

swtpm is a libtpms-based TPM emulator with socket, character device, and Linux CUSE interface. Versions prior to 0.5.3, 0.6.2, and 0.7.1 are vulnerable to out-of-bounds read. A specially crafted header of swtpm's state, where the blobheader's hdrsize indicator has an invalid value, may cause an out-of-bounds access when the byte array representing the state of the TPM is accessed. This will likely crash swtpm or prevent it from starting since the state cannot be understood. Users should upgrade to swtpm v0.5.3, v0.6.2, or v0.7.1 to receive a patch. There are currently no known workarounds.

debian логотип

CVE-2022-23645

CVSS3: 6.2
debian
больше 3 лет назад

swtpm is a libtpms-based TPM emulator with socket, character device, a ...

suse-cvrf логотип

SUSE-SU-2022:1297-1

suse-cvrf
около 3 лет назад

Security update for swtpm

oracle-oval логотип

ELSA-2022-8100

oracle-oval
больше 2 лет назад

ELSA-2022-8100: swtpm security and bug fix update (LOW)

EPSS

Процентиль: 4%
0.0002
Низкий

5.5 Medium

CVSS3